Protiviti fills a unique and valuable position in the market, as depicted below. Protiviti brings a unique blend of knowledge and experience to the table which combines the focus, dedication and independence of a boutique firm, with the methodologies & tools, global presence, and deep skill sets of the Big 4.
Responsive client service
Lack of SEC restrictions
Independent from attest & tax services
Better teaming with external auditors
Focus on core offerings
Methodologies & tools
Depth of risk consulting services
Financial & management stability
Protiviti combines the strengths of the large consulting companies and independent alternatives…without compromise
Growth in the number of Protiviti employees and locations
Recent quarterly earnings
Implementation of a company Intranet, iShare, with cutting-edge knowledge management solution
Recognized as a thought leader through our SOA and Internal Audit FAQs
National alliances and partnerships
Continued training development initiatives
Protiviti Locations Protiviti employs over 2200 professionals in more than 50 locations in North America, Latin America, Europe, Asia and Australia.
Protiviti Clients *All logos used with client permission Our client experience includes organizations across all major industries from global Fortune 500 corporations to small, privately-held, local institutions.*
Our product offerings offer a breadth of internal audit and business and technology risk solutions.
Business Risk Technology Risk Internal Audit
Application Effeteness Solutions
Change Management Solutions
IT Asset Management Solutions
Program Management Solutions
Security and Privacy Solutions
Audit Committee Advisory
IA Technology/Tool Implementation
Internal Audit Co-Sourcing
Internal Audit Full Outsourcing
Internal Audit QA Review
Internal Audit Transformation
IT Audit Services – Start up and Development Advice
Internal Audit An outsourcing provider should have the flexibility to tailor the delivery options to meet the needs of your organization in the short-term and long term. Some common outsourcing options are listed below.
Ad hoc consulting work and execution of internal audit projects on an “as needed” basis.
Examples: transformation/benchmarking, facilitation, IA training, quality assurance reviews, selected internal audits, loan of personnel.
Internal Audit leverages specialized skills/knowledge from outsource provider for specific projects.
Internal Audit partners with outsource partner to manage and execute the IA function, sharing all knowledge, proprietary tools, methodologies, and training, as well as providing substantial amount of resources on a recurring, long-term basis.
Internal Audit department teams with outsource partner for resources on regular, ongoing basis, generally spanning multiple years.
Internal Audit Director manages internal audit function and reports to CFO and Audit Committee.
Director is responsible for implementing the internal audit plan using outsource partner resources to execute.
Partial Outsourcing Full In-House Limited Consulting/ Ad Hoc Projects Strategic Sourcing Specialized Skills Arrangement Co-Sourcing Full Outsourcing Single Audit Director Model Recurring Co-Sourcing Strategic Partnering
In March 2002, the US Justice Department indicted Arthur Andersen for obstruction of justice. Within 2 weeks, many of Andersen’s Fortune 100 Clients had announced going with another firm.
Protiviti launched in May, 2002 with approximately 700 ex-Arthur Andersen employees that had just lost their jobs as a result of the Enron scandal
In June 2002, jurors convicted Andersen for obstructing justice by destroying Enron Corp related documents
The conviction forced Andersen out of business, as the remaining 28,000 employees (two thirds of their workforce) were forced to lose their jobs and the firm was suspended from practicing audit
Three years later the Supreme Court overturned the ruling saying Andersen was convicted without proof that its shredding of documents was deliberately intended to undermine the SEC’s investigation of Enron
Protiviti’s launch in 2002 with only 700 employees was the result of an employment agreement between Robert Half International (“RHI”) and Arthur Andersen
Protiviti was formed as a wholly-owned subsidiary of RHI (a $3.3 billion dollar public company specializing in staffing) and today employs more than 2,200 professionals in more than 50 offices in the Americas, Asia-Pacific and Europe
Protiviti and the RHI divisions refer each other to clients for new business
RHI staffs the appropriate contractors to augment Protiviti engagement teams
RHI and Protiviti use the same shared services for Accounting, IT, Operations, etc.
Section 301 : Publicly traded companies are required to establish a procedure for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.
Section 302 : Management must evaluate the design and operational effectiveness of its disclosure controls and procedures quarterly (disclosure controls include internal controls).
Section 404 : Management is required to file an internal control report with their annual report, stating –
Management’s responsibilities to establish and maintain adequate internal controls and procedures for financial reporting
Management’s conclusion on the effectiveness of these internal controls at year end
That the company’s public accountant has attested to and reported on management’s evaluation of internal controls over financial reporting
Section 906 : E xpressly imposes criminal penalties if the information contained in the periodic report does not fairly represent, in all material respects, the financial condition and results of the operations of the issuer.
Our Approach/Methodology Components of Internal Control Reporting Process Management (SarbOx Portal TM ) Assessment Management (The Self Assessor TM ) Knowledge Management PHASE I PHASE II PHASE III PHASE IV Financial Reporting Requirements Relevant Processes Internal Control Report Process Risks Control Design Control Improvements Control Operation Entity-Level Controls Assess Current State and Identify Relevant Processes Set Foundation Project Management Knowledge Sharing Communication Continuous Improvement Document Design and Evaluate Critical Processes and Controls Design Solutions for Control Gaps Implement Solutions for Control Gaps Report Protiviti’s Approach Sarbanes Diagnostics Tools & Technology IT Controls IT Organization and Structure IT Entity-Level Control Evaluations IT Process Level Control Evaluations IT Control Considerations
Significance Low High Low Inventory Costing & Cost of Sales Risk High Stock Compensation & Administration Shipping and Billing Manage Travel & Entertainment Expenses Payroll& Employee Benefit Liabilities AP& Cash Disbursements Asset Management Inventory Reserves Inventory Management Purchasing Incentive Compensation FS Prioritization Process: Risk Map AR& Collections Borrowings Amortize Prepaid & Intangible Assets Managing Cash and Investments Revenue Reserves Tax Compliance IT Order Management Bad Debt Allowances Employee Master File Maintenance Close Process & Consolidation Budgeting Financial Statement Reporting & Disclosures
The Financial Statement Risk Assessment Process “Technology Coverage”
Our Approach: Linkage to IT Document Processes Source Risks Document Controls Assess Design Report Select Priority Elements Validate Operation
Select the priority accounts and disclosures
Consider significance to financial reporting and risk of misstatement
Document the transaction flows that materially impact the priority financial elements
Use financial reporting assertions to source “what can go wrong” within the processes
Document entity controls (“tone at the top”)
Document the controls at the source of the risk (preventive) or downstream in the process (detective)
Assess effectiveness of controls design at entity and process levels
What are the controls?
Who owns the controls?
What are the risks?
How is the controls design rated?
How are the controls performing?
The IT work builds on these steps
Our Approach: Linkage to IT Business Processes / Classes of Transactions Business Processes / Classes of Transactions Process A Process A Process B Process B Process C Process C Financial Applications Application A Application B IT Infrastructure Services Network Operating System Database Application B Significant Accounts in Financial Statements Significant Accounts in the Financial Statements Balance Sheet Balance Sheet Income Income Statement SCFP SCFP Notes Notes Other Other Source: IT Governance Institute – IT Control Objectives for Sarbanes-Oxley, April 2004
Application Controls Business Processes / Classes of Transactions Business Processes / Classes of Transactions Process A Process A Process B Process B Process C Process C Financial Applications Application A Application B IT Infrastructure Services Network Operating System Database Application B Significant Accounts in Financial Statements Significant Accounts in the Financial Statements Balance Sheet Balance Sheet Income Income Statement SCFP SCFP Notes Notes Other Other Source: IT Governance Institute – IT Control Objectives for Sarbanes-Oxley, April 2004